packets in an authentication flow involving the end-node and
wherein the end-node is authorized based at least in part on the
verification of the user information to transmit and receive 
through the edge node packets in data flows involving the end-node 
and other nodes in the institutional LAN. 

45. An edge node for authorizing an end-node to an
institutional LAN, the edge node comprising:

an interface for receiving user information from the end-node
via a LAN link for verification,

wherein prior to verification of the user information the
end-node is authorised to transmit and receive through the edge node
packets in an authentication flow involving the end-node and
wherein at least in part in response to the verification of the
user information the end-node is authorized to transmit and receive
through the edge node packets in data flows involving the end-node,
and

wherein the edge node performs LAN media translations on the
packets in the data flows.

46. An edge node for authorizing an end-node, the edge node
comprising:

an interface for receiving user information from the end-node
via a LAN link for verification,

wherein prior to verification of the user information the
end-node is authorized to transmit and receive through the edge node
packets in an authentication flow involving the end-node and
wherein at least in part in response to verification of the user
information the end-node is authorized to transmit and receive
through the edge node packets in data flows involving the end-node,
and

wherein the edge node switches the packets in the data flows
based at least in part on MAC addresses.

47. An edge node for authorizing an end-node, the edge node
comprising:

an interface for receiving user information from the end-node
via a LAN link for verification,

wherein the end-node accesses the edge node via the interface
and wherein at least in part in response to verification of the
user information the interface transitions from an unauthenticated
to an authenticated state, whereupon the edge node is authorized to
transmit and receive packets in data flows involving the end-node
and other nodes in the institutional LAN.

48. The edge node of claim 47, wherein the interface reverts
to the unauthenticated state if a packet is not received from the
end-node for a predetermined time period.

49. The edge node of claim 47, wherein the interface reverts
to the unauthenticated state upon detecting that the end-node has
become disconnected.

50. An edge node for authorizing an end-node, the edge node
comprising:

an interface for receiving user information from an end-node
via a LAN link for verification,

wherein the end-node accesses the edge node via a LAN
interface and wherein at least in part in response to verification
of the user information the interface transitions from an
unauthenticated to an authenticated state, whereupon the edge node
is authorized to transmit and receive packets in data flows
involving the end-node, and

wherein the edge node performs LAN media translations on the
packets in the data flows.

51. An edge node for authorizing an end-node, the edge node
comprising:

an interface for receiving user information from the end-node
via a LAN link for verification,

wherein the end-node accesses the edge node via the interface
and wherein at least in part in response to verification of the
user information the interface transitions from an unauthenticated
to an authenticated state, whereupon the edge node is authorized to
transmit and receive packets in data flows involving the end-node,
and

wherein the edge node switches the packets in the data flows
based at least in part on MAC addresses.

52. An edge node for authorizing an end-node to an
institutional LAN, the edge node comprising:

an interface for receiving user information from the end-node
via a LAN link for verification,

wherein the edge node regulates packet flows from the end-node
to an institutional LAN including verifying the user information.

53. An edge node for authorizing an end-node to an
institutional LAN, the edge node comprising:

an interface for receiving user information from the end-node
via a LAN link for verification,

wherein the edge node regulates packet flows from the end-node
including verifying the user information and performing LAN media
translations.

54. An edge node for authorizing an end-node to an
institutional LAN, the edge node comprising:

an interface for receiving user information from the end-node
via a LAN link for verification,






Docket No. 41711/SAH/X2 
Application No. 09/886,930



wherein the edge node regulates packet flows from the end-node
including verifying the user information and performing LAN
switching based at least in part on MAC addresses.

55. An authentication agent for representing an edge node in
an authentication protocol exchange with an end-node for access to
an institutional LAN, the agent comprising:

means for transmitting a request for user information via a
LAN link to the end-node;

means for receiving user information from the end-node via a
LAN link in response to the request;

means for transmitting the user information to an
authentication server for verification;

means for receiving verification information from the
authentication server at least in part in response to the user
information; and

means for regulating access of the end-node to services of the
institutional LAN available through the edge node in response to
the verification information.

56. The authentication agent of claim 55, wherein the
authentication agent is a software program.

57. The authentication agent of claim 55, wherein the
authentication agent is resident on the edge node.

58. The authentication agent of claim 55, wherein the
authentication agent further includes means for transmitting the
verification information to the end-node.






64. (Amended) A user authentication system comprising:

an edge node;

an interface on the edge node for receiving an authentication
information from an end-node via a LAN link for verification; and

an authentication server coupled to the edge node,

wherein the edge node forwards the authentication information
to the authentication server and the authentication server verifies
the authentication information and provides a notification to the
edge node that the authentication information has been verified,
whereupon the edge node is authorized to provide LAN switching
functions for packets in data flows involving the end-node, wherein
the LAN switching functions include performing LAN media
translations on the packets.



66. An authentication system for authorizing an end-node, the
system comprising:

a LAN interface for receiving user information from the
end-node via a LAN link;

an authentication agent for receiving the user information
from the LAN interface via a switching link;

a backbone interface for receiving the user information from
the authentication agent via the switching link; and

an authentication server for receiving the user information
from the backbone interface for verification,

wherein prior to verification of the user information the LAN
interface transmits on the switching link packets in an
authentication flow involving the end-node and wherein at least in
part in response to verification of the user information the LAN
interface is authorized to transmit on the switching link packets
in data flows involving the end-node,

71. A method for representing an edge node in an
authentication protocol exchange with an end-node for access to an
institutional LAN, the method comprising:

transmitting a request for user information via a LAN link to
the end-node;

receiving user information from the end-node via the LAN link
in response to the request;

transmitting the user information to an authentication server
for verification;

receiving verification information from the authentication
server at least in part in response to the user information; and

regulating access of the end-node to services of the
institutional LAN available through the edge node in response to
the verification information.

72. The method of claim 71 further comprising the step of 
transmitting the verification information to the end-node. 

73. A user authentication system for an institutional LAN
having an edge node, the system comprising:

an end-node; and

an interface on the end-node for transmitting user information
via a LAN link to the edge node for verification,

wherein prior to verification of the user information the
end-node is authorized to transmit and receive through the edge node
packets in an authentication flow involving the end-node and
wherein at least in part in response to the verification of the
user information the end-node is authorized to transmit and receive
through the edge node packets in data flows involving the end-node
and other nodes in the institutional LAN.

74. A user authentication system for an institutional LAN
having an edge node, the system comprising:

an end-node; and

an interface on the end-node for transmitting user information
via a LAN link to the edge node;

wherein prior to verification of the user information the
end-node is authorized to transmit and receive through the edge node
packets in an authentication flow involving the end-node and
wherein at least in part in response to verification of the user
information the end-node is authorized to transmit and receive
through the edge node packets in data flows involving the end-node,
and

wherein the edge node performs LAN media translations on the
packets in the data flows.

75. A user authentication system for an institutional LAN
having an edge node, the system comprising:

an end-node; and

an interface on the end-node for transmitting user information
via a LAN link to the edge node for verification,

wherein prior to verification of the user information the
end-node is authorized to transmit and receive through the edge node
packets in an authentication flow involving the end-node and
wherein at least in part in response to verification of the user
information the end-node is authorised to transmit and receive
through the edge node packets in data flows involving the end-node,
and

wherein the edge node switches the packets in the data flows
based at least in part on MAC addresses.



76. A user authentication system for an institutional LAN
having an edge node with a first interface, the system comprising:

an end-node; and

a second interface on the end-node for transmitting user
information via a LAN link to the edge node for verification,

wherein the end-node accesses the edge node via the first
interface and wherein at least in part in response to verification
of the user information the first interface transitions from an
unauthenticated to an authenticated state, whereupon the end-node
is authorized to transmit and receive via the edge node packets in
data flows involving the end-node.



77. The system of claim 76, wherein the first interface
reverts to the unauthenticated state if a packet is not received
from the end-node for a predetermined time period.

78. The system of claim 77, wherein the first interface
reverts to the unauthenticated state upon detecting that the
end-node has become disconnected.



79. A user authentication system for an institutional LAN
having an edge node with a first interface, the system comprising:

an end-node; and

a second interface on the end-node for transmitting user
information via a LAN link to the edge node for verification,

wherein the end-node accesses the edge node via the first
interface and wherein at least in part in response to verification
of the user information the first interface transitions from an
unauthenticated to an authenticated state, whereupon the end-node
is authorized to transmit and receive via the edge node packets in
data flows involving the end-node, and

wherein the edge node performs LAN media translations on the
packets in the data flows.

80. A user authentication system for an institutional LAN
having an edge node with a first interface, the system comprising:

an end-node; and

a second interface on the end-node for transmitting user
information via a LAN link to the edge node for verification,

wherein the end-node accesses the edge node via the first
interface and wherein at least in part in response to verification
of the user information the first interface transitions from an
unauthenticated to an authenticated state, whereupon the end-node
is authorized to transmit and receive via the edge node packets in
data flows involving the end-node, and

wherein the edge node switches the packets in the data flows
based at least in part on MAC addresses.

81. A user authentication system for an institutional LAN
having an edge node, the system comprising:

an end-node having a user interface for receiving user
information and a LAN interface for transmitting the user
information via a LAN link to the edge node,

wherein the end-node is authorized to send and receive through
the edge node packets in data flows involving the end-node only
after verification of the user information.

82. A user authentication system for an institutional LAN
having an edge node, the system comprising:

an end-node having a user interface for receiving user
information and a LAN interface for transmitting the user
information via a LAN link to the edge node,

wherein the edge node regulates packet flows from the end-node
including subjecting the user information to verification and
performing LAN media translations.

83. A user authentication system for an institutional LAN
having an edge node, the system comprising:

an end-node having a user interface for receiving user
information and a LAN interface for transmitting the user
information via a LAN link to the edge node,

wherein the edge node regulates packet flows from the end-node
including subjecting the user information to verification and
performing LAN switching based at least in part on MAC addresses.



84. An authentication client for representing an end-node in
an authentication protocol exchange with an edge node coupled to
the end-node via a LAN link to obtain access for the end-node to
services of an institutional LAN available through the edge node,
the client comprising:

means for receiving a request for user information from the
edge node; and

means for transmitting user information to the edge node in
response to the request.



85. The authentication client of claim 84, wherein the
authentication client is a software program.

86. The authentication client of claim 84, wherein the
authentication client is resident on the end-node.

87. The authentication client of claim 84, further comprising
means for receiving a request for second user information from the
edge node in response to the user information.

88. The authentication client of claim 87, further comprising
means for transmitting the second user information to the edge node
in response to the request for second user information.

89. The authentication client of claim 88, further comprising
means for receiving verification information from the edge device
in response to the second user information.

90. The authentication client of claim 84, wherein the
end-node is a personal computer.

91. The authentication client of claim 84, further comprising
means for receiving verification information from the edge device
in response to the user information.

92. A system for authenticating a user including an edge node
and an authentication server coupled to the edge node, the system
comprising:

an end-node having a user interface for receiving an
authentication information and a LAN interface for transmitting the
authentication information on a LAN link to the edge node,

wherein the edge node forwards the authentication information
to the authentication server and the authentication server verifies
the authentication information and provides a notification to the
edge node that the authentication information has been verified,
whereupon the end-node is authorized for access to services of a
LAN infrastructure via the edge node.

93. A system for authenticating a user including an edge node
and an authentication server coupled to the edge node, the system
comprising:

an end-node having a user interface for receiving an
authentication information and a LAN interface for transmitting the
authentication information on a LAN link to the edge node,

wherein the edge node forwards the authentication information
to the authentication server and the authentication server verifies
the authentication information and provides a notification to the
edge node that the authentication information has been verified,
whereupon the edge node is authorized to provide LAN switching
functions for packet flows involving the end-node.

94. The system of claim 93, wherein the LAN switching
functions include forwarding and filtering in function of MAC
addresses.

95. The system of claim 93, wherein the LAN switching
functions include LAN media translations.

96. A system for authenticating a user including an edge
node and an authentication server coupled to the edge node, the
system comprising:

an end-node having a user interface for receiving an
authentication information and a LAN interface for transmitting the
authentication information on a LAN link to the edge node,

wherein a message exchange between the edge node and the
authentication server is conducted to verify the authentication
information, whereupon the end-node is authorized for access to
services of an institutional LAN via the edge node, and

wherein a security protocol is applied to secure the message
exchange between the edge node and the authentication server.


97. A system for authenticating a user including an edge
node and an authentication server coupled to the edge node, the
system comprising:

an end-node having a user interface for managing interactions
with the user in an authentication protocol exchange and a LAN
interface for managing interactions on a LAN link with the edge
node in the authentication protocol exchange,

wherein the edge node forwards information concerning the
authentication protocol exchange to the authentication server in
response to which the authentication server generates and stores in
a database tracking information concerning the authentication
protocol exchange.

98. The system of claim 97, wherein the tracking information
includes user information.

99. The system of claim 97, wherein the tracking information
includes network location information.

100. The system of claim 97, wherein the tracking information
includes time-of-day information.

101. A method for representing an end-node in an
authentication protocol exchange with an edge node coupled to the
end-node via a LAN link to obtain access for the end-node to
services of an institutional LAN available through the edge node,
the method comprising:

receiving a request for user information from the edge node;
and

transmitting user information to the edge node in response to
the request.



102. The method of claim 101, further comprising the step of
receiving first verification information from the edge node in
response to the user information.

103. The method of claim 102, further comprising the step of
receiving a request for second user information from the edge node
in response to the first verification information.

104. The method of claim 103, further comprising the step of
transmitting second user information to the edge node in response
to the request for second user information.

105. The method of claim 104, further comprising the step of
receiving second verification information from the edge device in
response to the second user information.



106. An authentication system for authorizing an end-node to
an institutional LAN, the system comprising:

an edge node having an interface for receiving a first
response containing first user information and second response
containing second user information from the end-node via a LAN link
for verification, and

wherein prior to verification of the second user information
the end-node is authorized to transmit and receive through the edge
node packets in an authentication flow involving the end-node and
wherein the end-node is authorized in response to the verification
of the second user information to transmit and receive through the
edge node packets in data flows involving the end-node and other
nodes in the institutional LAN.



107. The system of claim 106 wherein the second user
information is received after verification of the first user
information.

108. (Amended) The system of claim 106, further comprising an
authentication server coupled to the edge node, wherein the edge
node transmits the second user information to the authentication
server, and the authentication server verifies the second user
information.

109. A user authentication system for authorizing an end-node
to an institutional LAN, the system comprising:

an edge node having an interface for receiving first user
information and second user information from the end-node via a LAN
link for verification,

wherein the edge node causes verification of the first user
information, and upon verification of the first user information,
the edge node receives and causes verification of the second user
information, and

wherein in response to verification of the second user
information the interface transitions from an unauthenticated to an
authenticated state, whereupon the edge node is authorized to
transmit and receive packets in data flows involving the end-node
and other nodes in the institutional LAN.



110. An edge node for authorizing an end-node to an
institutional LAN, the edge node comprising:

an interface for receiving first user information and second
user information from the end-node via a LAN link for verification,

wherein the edge node regulates packet flows from the end-node
to an institutional LAN including causing verification of the first
user information and second user information.



113. A method for authorizing an end-node to an
institutional LAN having a plurality of nodes including an edge
node, the method comprising:

transmitting from the end-node to the edge node via a LAN link
first user information;

receiving a request for second user information upon
verification of the first user information;

transmitting the second user information in response to the
request;

obtaining, upon verification of the second user information,
authorization to transmit and receive through the edge node packets
in data flows involving the end-node and the other nodes in the
institutional LAN.

114. (Amended) The method of claim 113, further comprising the 
step of performing LAN media translations within the edge node on 
packets transferred by the end-node through the edge node after the 
second verification. 

115. (New) A system for authorizing a user on an end-node to
a LAN infrastructure, the system comprising:

an edge node; and

an interface associated with the edge node for receiving user
information from an end-node via a LAN link for verification; and

an authentication server coupled to the edge node,

wherein the edge node forwards the user information to the
authentication server and the authentication server verifies the
user information and provides a notification to the edge node that
the user information has been verified, whereupon the user is
authorized for access to services of a LAN infrastructure via the
edge node.

116. (New) The system of claim 115, wherein the authentication
server is a RADIUS server.

117. (New) An authentication system for authorizing an
end-node, the system comprising:

an edge node;

an interface associated with the edge node for managing
interactions on a LAN link with the end-node in an authentication
protocol exchange; and

an authentication server coupled to the edge node;

wherein the edge node forwards user information concerning the
authentication protocol exchange to the authentication server in
response to which the authentication server generates and stores in
a database tracking information concerning the authentication
protocol exchange.

118. (New) The system of claim 117, wherein the tracking
information includes user information.

119. (New) The system of claim 117, wherein the tracking
information includes network location information.

120. (New) The system of claim 117, wherein the tracking
information includes time-of-day information.

121. (New) A method for authorizing an end-node to an
institutional LAN having a plurality of nodes including an edge
node, the method comprising:

enabling an authentication flow between the end-node and the
edge node via a LAN link;

receiving first user information from the end-node;

performing a first verification attempt on the first user
information;

depending upon a result of the first verification attempt,
soliciting or not second user information from the end-node;

performing a second verification attempt on the second user
information; and

depending upon a result of the second verification attempt,
authorizing or not the end-node to transmit and receive through the
edge node packets in data flows involving the end-node and the
other nodes in the institutional LAN.

122. (New) A user authentication system comprising:

an edge node;

an interface on the edge node for receiving user information
from an end-node via a LAN link for verification; and

an authentication server coupled to the edge node;

wherein the edge node forwards the user information to the
authentication server and the authentication server verifies the
user information and provides a notification to the edge node that
the user information has been verified, whereupon the edge node is
authorized to provide LAN switching for packets in data flows
involving the end-node.



123. (New) A user authentication system comprising:

an edge node;

an interface on the edge node for receiving user information
from an end-node via a LAN link for verification; and

an authentication server coupled to the edge node via a secure
connection;

wherein the edge node forwards the user information to the
authentication server via the secure connection and the
authentication server verifies the user information and provides a
notification to the edge node via the secure connection that the
user information has been verified, whereupon the edge node
authorizes transmission on the edge node of packets in data flows
involving the end-node.



124. (New) A user authentication system comprising:

an edge node;

an interface on the edge node for receiving user information
from an end-node via a LAN link for verification; and

an authentication server coupled to the edge node;

wherein the edge node forwards the user information to the
authentication server and the authentication server verifies the
user information and provides a notification to the edge node that
the user information has been verified, whereupon the edge node
authorizes communication within a VLAN of packets in data flows
involving the end-node.

125. (New) The system of claim 124, wherein the notification
identifies the VLAN.

126. (New) A user authentication system for a communication
network, comprising:

an end-node;

an edge node communicating with the end-node over a LAN link;
and

an authentication server coupled to the edge node;

wherein an authentication session is conducted in which the
edge node attempts to collect from the end-node and verify on the
authentication server user information, and wherein the edge node
terminates the authentication session upon completing a plurality
of failed attempts.



127. (New) The system of claim 126, wherein the authentication 
server is a RADIUS server. 
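
Illustration added in editing, not part of the application as filed: a minimal Python model of the interface behaviour recited in claims 47 to 49 together with the failed-attempt limit of claim 126. The class and parameter names, the timeout and attempt values, and the verify callback standing in for the authentication server are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable


class PortState(Enum):
    UNAUTHENTICATED = "unauthenticated"
    AUTHENTICATED = "authenticated"


@dataclass
class EdgePort:
    """One edge-node LAN interface (hypothetical model, names are assumptions)."""
    verify: Callable[[str, str], bool]   # stand-in for the authentication server
    idle_timeout: float = 300.0          # "predetermined time period", value assumed
    max_failures: int = 3                # "plurality of failed attempts", value assumed
    state: PortState = PortState.UNAUTHENTICATED
    failures: int = 0
    session_open: bool = True
    last_seen: float = 0.0

    def _revert_if_idle(self, now: float) -> None:
        # Claim 48: revert when no packet arrived within the time period.
        idle = now - self.last_seen
        if self.state is PortState.AUTHENTICATED and idle > self.idle_timeout:
            self.state = PortState.UNAUTHENTICATED

    def link_down(self) -> None:
        # Claim 49: revert on detecting that the end-node has disconnected.
        self.state = PortState.UNAUTHENTICATED

    def submit(self, user: str, secret: str, now: float) -> bool:
        """User information received in the authentication flow."""
        self._revert_if_idle(now)
        self.last_seen = now
        if not self.session_open:
            return False                 # session already terminated (claim 126)
        if self.verify(user, secret):
            self.state = PortState.AUTHENTICATED
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.max_failures:
            self.session_open = False
        return False

    def forward(self, kind: str, now: float) -> bool:
        """Return True if a packet of this kind ('auth' or 'data') may pass."""
        self._revert_if_idle(now)
        self.last_seen = now
        if kind == "auth":
            return self.session_open
        if kind == "data":
            return self.state is PortState.AUTHENTICATED
        return False


def demo() -> list:
    # Constructed credentials and timestamps, for illustration only.
    port = EdgePort(verify=lambda u, s: (u, s) == ("alice", "s3cret"),
                    idle_timeout=60.0, max_failures=2)
    trace = [port.forward("data", 0.0)]          # blocked before verification
    trace.append(port.submit("alice", "s3cret", 1.0))
    trace.append(port.forward("data", 30.0))     # allowed once authenticated
    trace.append(port.forward("data", 120.0))    # idle 90 s > 60 s: reverted
    return trace


if __name__ == "__main__":
    print(demo())
```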



REMARKS 

By this amendment, Applicants voluntarily cancel certain 
claims (claims 59-63, 65, 67-70, 111 and 112) and add and amend 
certain others (claims 115-127 added; claims 64, 108 and 114 
amended) to more clearly recite the subject matter of the 
invention. Claims 44-58, 64, 66, 71-110, and 113-127 are presently 
pending.